netfilter: nft_exthdr: check for IPv6 packet before further processing

stable inclusion
from linux-4.19.198
commit 0cb785dd9e42be71ec92fee8ef984c0a1e64dab3

--------------------------------

[ Upstream commit cdd73cc5 ]

ipv6_find_hdr() does not validate that this is an IPv6 packet. Add a
sanity check for calling ipv6_find_hdr() to make sure an IPv6 packet
is passed for parsing.

Fixes: 96518518 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>